SQL (Structured Query Language) and its various implementations are widely used database technologies. Transact-SQL (TSQL) is an extension of SQL which provides flow control, local variables, and additional support functions; except as otherwise expressly indicated, references herein to SQL also include TSQL. SQL injection is a potentially malicious activity which exploits security vulnerabilities in websites and other external-facing interfaces by violating assumptions about user-provided input. A SQL injection vulnerability exists, for example, when user-supplied data is used directly in the construction of a dynamic SQL statement, or when user input is stored in a database by one web page and then retrieved from the database and used to construct a dynamic SQL statement in a different web page. In each case, a malicious attacker can inject SQL commands into the SQL statement and, using those injected commands, misuse the database and in turn the website, e.g., compromise the backend database.
Techniques for reducing or preventing SQL injection vary. For example, web server and database logs may be scrutinized to check for anomalous queries or unusual accesses. Permissions may be limited to the minimum needed, rather than granting users administrative privileges. Code for a given website may also be reviewed for vulnerabilities, and modified as needed to validate user input, to use parameterized queries, and to use escapes and delimiters to reduce injection opportunities. Code review may be manual, automated, or a combination of manual and automated review.
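The following is an added illustration, not code from the original text, of the two forms of vulnerability described above and of two of the listed countermeasures. It builds a constructed in-memory SQLite table and runs the same lookup twice: once with the user value spliced into the SQL text by concatenation, once with a bound parameter. A second routine shows the stored-then-retrieved case, where the value is written safely but concatenated when read back on a "different page". The table, rows, inputs and function names are all assumptions made for this example.

```python
"""Added example: concatenated query vs. parameterized query, plus the
second-order (stored, then retrieved and concatenated) case. Everything
here is constructed for illustration."""
import re
import sqlite3

# Allowlist used for input validation: plain identifiers only (constructed rule).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    """Create a constructed in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """Vulnerable form: the caller's string becomes part of the SQL text,
    so a quote character in it changes the statement's meaning."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Hardened form: the SQL text contains only a placeholder and the value
    is bound separately, so the driver never parses the value as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def is_valid_username(name):
    """Defence in depth: reject input that is not a plain identifier before
    it reaches any query at all."""
    return bool(USERNAME_RE.match(name))


def second_order(conn, stored_name):
    """Second-order case: the value is stored with a bound parameter (safe),
    then a later step reads it back and concatenates it into a new query,
    which reintroduces the vulnerability."""
    conn.execute("INSERT INTO users (name) VALUES (?)", (stored_name,))
    conn.commit()
    row = conn.execute(
        "SELECT name FROM users WHERE id = (SELECT MAX(id) FROM users)"
    ).fetchone()
    return lookup_concat(conn, row[0])  # unsafe reuse of a stored value


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote character
    print("concat       :", lookup_concat(conn, probe))   # every row
    print("parameterized:", lookup_param(conn, probe))    # no rows
    print("valid input? :", is_valid_username(probe))     # False
```

With a well-formed name both lookups return the same row; with a value containing a quote the concatenated query matches every row while the parameterized query matches none, and the allowlist check would have rejected the value before it reached either. The second-order routine shows that a safe insert does not make a later concatenated read safe, which is the "stored in one page, used in another" scenario from the description.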
In some approaches, an automated program analysis (not necessarily aimed at SQL injection) is performed using annotations added to the program by a developer, while in other approaches no annotation is used. However, some known program annotation approaches require the annotations to be integrated into the compiler, so that placing annotations in a program's source code does not prevent compilation of that source code.